Security researchers reveal details of serious bug in compression tool WinRAR


If you're a user of WinRAR -- a staple tool for decompressing files whose popularity stems from not only its support for RAR files, but also its never-ending trial period -- it's time to ensure you have the latest security patch installed.
Security experts from Check Point Research have revealed details of a serious bug that has been present in the software for at least 14 years. The archiving tool was found to have a vulnerability in one of its .dll files, which could be exploited by simply opening a compressed file, and allows an attacker to "gain full control over a victim's computer".
Privacy: Facebook now lets Android users block background collection of location data


Faced with continued criticism about privacy, Facebook is rolling out an update to Android users that gives a greater degree of control over the sharing of location data with the social network.
Specifically, the update makes it possible to stop Facebook from tracking your location in the background when you are not using the app. The change brings parity to the iOS and Android Facebook apps.
Employees and contractors expose information online in 98 percent of organizations


Employees and contractors are exposing confidential and sensitive information online and in the cloud in some 98 percent of organizations. This is found primarily in Dropbox, Google, and Microsoft SharePoint.
This is among the findings of a new report from insider threat specialist Dtex Systems which has analyzed information from work-issued endpoints and more than 300,000 employee and contractor accounts.
GitHub widens the scope of its bug bounty program and increases rewards


Now in its fifth year, the GitHub Security Bug Bounty has been updated to offer larger rewards to those who find bugs. At the same time, the scope of the program is being expanded and protections for researchers have been added through new Legal Safe Harbor terms.
As well as expanding the program to cover any of its "first-party services", GitHub has effectively removed any upper limit on the size of reward pay-outs for critical bugs.
Formjacking is the new cash generator for cybercriminals


The latest Symantec Annual Threat Report reveals that cybercriminals are continuing to follow the money, but as ransomware and cryptojacking show falling returns they are turning to other techniques.
One of these is formjacking -- essentially virtual ATM skimming -- where cybercriminals inject malicious code into retailers' websites to steal shoppers' payment card details.
Microsoft reveals Russian hacking attacks as it expands AccountGuard protection across Europe


Microsoft has revealed that it detected various attacks by Russian hackers targeting democratic groups in Europe. The company says that numerous attacks carried out between September and December 2018 can be linked to a group known as Strontium.
Also known as Fancy Bear, the group is a cyber espionage outfit with ties to Russian intelligence agencies. At the same time as revealing some details of the attacks, Microsoft also announced the expansion of its AccountGuard security program to more European countries ahead of European Parliament elections.
Kali Linux 2019.1 with Metasploit 5.0 available for download


The first release for 2019 of the Debian-based Linux distro Kali Linux is now available for download. Kali Linux 2019.1 sees the kernel moving up to version 4.19.13, and it also includes Metasploit 5.0.
Offensive Security's penetration testing distro is much-loved by the infosec community, and this latest release includes ARM improvements, a range of bug fixes and package updates.
Branded calling solution seeks to rebuild trust in mobile calls


A few months ago we reported on a study that found half of calls to mobiles would soon be scams without more effective protection measures being introduced.
First Orion, the company behind that survey, is addressing the problem with the launch of a new platform that gives consumers confidence in answering calls, but also helps businesses get their legitimate communications through.
New solution protects converged IT and OT environments


The line between information technology and operational technology is an increasingly blurred one. As companies drive towards digital transformation, OT environments increasingly interconnect with IT, resulting in a complex, sensitive and vastly expanded attack surface.
This means OT security responsibility is often moving to the CISO. Yet traditional IT security solutions lack the ability to continuously discover and assess sensitive OT assets.
New access suite delivers a software defined perimeter for hybrid environments


The move to accessing applications from the cloud and provisioning resources dynamically has led to organizations moving to a zero trust strategy to guard against attacks and data leaks. However, this can be hard to achieve with hybrid environments.
Secure access specialist Pulse Secure is adding Software Defined Perimeter (SDP) architecture to its platform to extend its foundation of Zero Trust access for hybrid IT.
From July, Windows 7 and Windows Server 2008 users will need SHA-2 support to get updates


Microsoft has announced that from the middle of July, Windows 7 and Windows Server 2008 users who want to continue to receive updates will need SHA-2 code signing support.
The change is being introduced because "the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing".
Huawei: 'There's no way the US can crush us'


The founder of Huawei, Ren Zhengfei, has hit back against Trump's ban on the use of his company's hardware because of concerns about Chinese espionage, saying "there's no way the US can crush us". The US has been trying to encourage other countries to follow its lead in shunning Huawei, but the UK has said it will not stop the company -- which is due to launch its P30 range of smartphones next month -- from getting involved in the rollout of 5G networks.
Ren also lashed out at the US, saying that the arrest of his daughter and Huawei CFO, Meng Wanzhou, was politically motivated.
Australian political parties hit by hack orchestrated by 'sophisticated state actor'


Australia's three main political parties -- Liberals, Labor and Nationals -- as well as the country's parliament have all been hit by a security breach which Prime Minister Scott Morrison says was carried out by a "sophisticated state actor".
Although the country is due to hold elections in the coming months, Morrison says there is "no evidence of any electoral interference". While it is not currently known who is responsible for the attack, various potential culprits have been suggested, including China, the US, Israel and Russia.
Unlike the US, the UK does not want to ban Huawei from 5G networks


With concerns about Chinese spying, the US has embarked on a campaign to prevent Huawei from operating in the country. In addition to banning officials from spending money on Huawei equipment, the US government has been trying to convince other countries to follow its lead and shun the company.
Despite US pressure -- and similar moves by New Zealand and Australia -- the UK says that it has no plans to cut Huawei technology out of 5G networks. The National Cyber Security Centre says that there are ways to mitigate against any potential risk posed by Huawei equipment.
Security researcher 'concerned' to find Twitter is not deleting your deleted direct messages


When you delete a direct message on Twitter, it is gone forever, right? From a user's point of view, this is true -- a deleted message vanishes. But a security researcher has discovered that Twitter is actually hanging onto these messages.
Karan Saini found that he was able to see messages he deleted years ago when he downloaded an archive of his Twitter data from the site.
© 1998-2025 BetaNews, Inc. All Rights Reserved.